Bug #45010 Output buffering produces segmentation fault
Submitted: 2008-05-15 17:12 UTC
Modified: 2008-05-22 14:35 UTC
From: Jurijs Cerepanovs <Jurijs dot Cerepanovs at lat
Assigned:
Status: Not a bug
Package: Reproducible crash
PHP Version: 5.2.1
OS: Linux (Slackware/SuSE)
Private report: No
CVE-ID: None
 [2008-05-15 17:12 UTC] Jurijs Cerepanovs <Jurijs dot Cerepanovs at lat
Description:
------------
Output buffering gets segmentation fault

Reproduce code:
---------------
<?php
function ob_bug($buf)
{
        $full_buf = ob_get_clean();
        return $full_buf;
}

ob_start("ob_bug");

echo "test";
exit();
?>


Expected result:
----------------
$full_buf and $buf contain the buffer

Actual result:
--------------
(gdb) run -q ob_bug.php
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/php -q ob_bug.php
[New Thread 16384 (LWP 1860)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 1860)]
0x08255a92 in _zend_mm_alloc_int (heap=0x8534208, size=32) at /usr/src/websvr/php-5.2.1/Zend/zend_alloc.c:1497
1497                            zend_mm_add_to_free_list(heap, new_free_block);
(gdb) run -q ob_bug.php
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/php -q ob_bug.php
[New Thread 16384 (LWP 1873)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 1873)]
0x08256565 in _emalloc (size=16) at /usr/src/websvr/php-5.2.1/Zend/zend_alloc.c:1866
1866            return _zend_mm_alloc_int(AG(mm_heap), size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
(gdb) run -q ob_bug.php
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/php -q ob_bug.php
[New Thread 16384 (LWP 1875)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 1875)]
zend_call_function (fci=0xbfd01080, fci_cache=0x0) at /usr/src/websvr/php-5.2.1/Zend/zend_execute_API.c:615
615             zend_class_entry *calling_scope = NULL;


 [2008-05-15 22:23 UTC] felipe@php.net
In HEAD this issue is fixed (the output control was rewritten):

"Fatal error: ob_get_clean(): Cannot use output buffering in output buffering display handlers"
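The restriction quoted above means an output handler has to work from the buffer PHP passes in as its argument instead of calling ob_get_clean() on the buffer that is being flushed. An added example (not code from the report or from PHP itself; the OutputCollector class and its method names are hypothetical) that collects the complete output across several flushes without touching any ob_*() function inside the handler:

```php
<?php
// Added example. OutputCollector, handle() and fullOutput() are hypothetical names.
final class OutputCollector
{
    private $chunks = array();

    // Output handler: PHP passes the data buffered since the last flush as $buf
    // and a bitmask describing the flush phase as $phase.
    // The handler only uses its arguments; it never calls ob_get_clean() or
    // any other ob_*() function, which is what the reproduce code did.
    public function handle($buf, $phase)
    {
        $this->chunks[] = $buf;
        return $buf; // pass the data through unchanged
    }

    // Everything the handler has seen so far, in order.
    public function fullOutput()
    {
        return implode('', $this->chunks);
    }
}

$collector = new OutputCollector();
ob_start(array($collector, 'handle'));

echo "te";
ob_flush();       // handler runs with the data buffered so far
echo "st";
ob_end_flush();   // handler runs one last time and the buffer is closed

// The buffer is closed here, so the collected copy can be used safely.
error_log(sprintf('captured %d bytes of output', strlen($collector->fullOutput())));
```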
 [2008-05-16 21:47 UTC] jani@php.net
And does not crash with 5.2.6 either. Get that first.
 [2008-05-22 14:34 UTC] Jurijs Cerepanovs <Jurijs dot Cerepanovs at lat
In PHP v4 this does not produce a segmentation fault.
Checked with this version. Crashes.

PHP 5.2.6 (cli) (built: May 15 2008 13:46:54)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
 [2008-05-22 14:35 UTC] Jurijs Cerepanovs <Jurijs dot Cerepanovs at lat
In PHP v4 this does not produce a segmentation fault.
Checked with this version. Crashes.

PHP 5.2.6 (cli) (built: May 15 2008 13:46:54)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
 